CVE-2018-9483

Summary

In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Software

VendorProductVersion RangeStatus
GoogleAndroid7affected
GoogleAndroid8affected
GoogleAndroid8.1affected
GoogleAndroid9affected
GoogleAndroidnyc-mr1-devaffected
GoogleAndroidnyc-mr2-devaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References